Re: [Tcpcrypt] Initial questions
Joe Touch <touch@isi.edu> Wed, 18 June 2014 21:26 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9DF1A0319 for <tcpcrypt@ietfa.amsl.com>; Wed, 18 Jun 2014 14:26:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.851
X-Spam-Level:
X-Spam-Status: No, score=-4.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MCoEmzHnvS1n for <tcpcrypt@ietfa.amsl.com>; Wed, 18 Jun 2014 14:26:49 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4DBD1A0303 for <tcpcrypt@ietf.org>; Wed, 18 Jun 2014 14:26:49 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id s5ILQZpK010839 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 18 Jun 2014 14:26:35 -0700 (PDT)
Message-ID: <53A2040B.7000804@isi.edu>
Date: Wed, 18 Jun 2014 14:26:35 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Sandy Harris <sandyinchina@gmail.com>, tcpcrypt@ietf.org
References: <CACXcFmmQCgTu6-QLJZdH8Q+ZST97ugoTaUWCUV0S6AWsjvCGfg@mail.gmail.com>
In-Reply-To: <CACXcFmmQCgTu6-QLJZdH8Q+ZST97ugoTaUWCUV0S6AWsjvCGfg@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/8OCW_s5cb_OoMQOpY062ukWQhL0
Subject: Re: [Tcpcrypt] Initial questions
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2014 21:26:51 -0000
On 6/18/2014 2:15 PM, Sandy Harris wrote: > This is basically a fine idea & I'm glad to see people working on it. > > Some comments in the archive had me somewhat worried, and the current > draft charter has the following: > > - When encryption is enabled, it must at least provide protection against > passive eavesdropping by default, > ... > When encryption is enabled, then the protocol: > - must always provide forward secrecy. > - must always provide integrity protection of the payload data ... > - must always provide payload encryption. > > Why on Earth do these have "When encryption is enabled"? As others > have said quite eloquently in various posts, there is no reason at all > to even consider a null encryption mode; anyone who needs that can > just fall back to TCP. That's what "when encryption is enabled" means - i.e., there are (at least) two valid modes: use TCPCRYPT do not use TCPCRYPT Regardless of what this WG develops, the latter will always need to be an alternative. The charter is perhaps being overly pedantic in noting that the gains claimed occur only when the methods indicated are in use. Joe
- [Tcpcrypt] Initial questions Sandy Harris
- Re: [Tcpcrypt] Initial questions Tony Arcieri
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions marcelo bagnulo braun
- Re: [Tcpcrypt] Initial questions marcelo bagnulo braun
- Re: [Tcpcrypt] Initial questions ianG
- Re: [Tcpcrypt] Initial questions ianG
- Re: [Tcpcrypt] Initial questions ianG
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions ianG
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions ianG
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions Tony Arcieri
- Re: [Tcpcrypt] Initial questions Derek Fawcus
- Re: [Tcpcrypt] Initial questions Derek Fawcus
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions Stephen Kent
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions ianG
- Re: [Tcpcrypt] Initial questions Sandy Harris
- Re: [Tcpcrypt] Initial questions Joe Touch
- Re: [Tcpcrypt] Initial questions Stephen Farrell
- Re: [Tcpcrypt] Initial questions Stephen Farrell
- Re: [Tcpcrypt] Initial questions Tero Kivinen